There is a Stored XSS #389
I found a stored XSS.
A client user can use this vulnerability to attack administrator users. They can use JS to send POST requests and indirectly operate the administrator account, a serious threat to website security.
exploit
Log in to the site as a client and modify the account name to
</span><img src=1 onerror=alert(1) /><span>
Now, if a super user logs in and looks at clients, it will trigger the XSS.
Hackers can exploit this vulnerability to perform any action by the administrator.
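The fix for this class of bug is to HTML-escape the stored account name at the point it is written into the admin page. The following is an added example, not part of the original report and not the project's own code: `render_unsafe` and `render_safe` are hypothetical stand-ins for the client-list template, and the audit parser shows which elements each version would create from the name quoted in the report.

```python
import html
from html.parser import HTMLParser

# Account name quoted in the report, treated here as the stored value.
REPORTED_NAME = '</span><img src=1 onerror=alert(1) /><span>'


def render_unsafe(name: str) -> str:
    """Hypothetical vulnerable template: stored name is concatenated raw."""
    return '<td><span>' + name + '</span></td>'


def render_safe(name: str) -> str:
    """Same hypothetical template with HTML-escaping applied at output time."""
    return '<td><span>' + html.escape(name, quote=True) + '</span></td>'


class TagAudit(HTMLParser):
    """Records the elements, event-handler attributes and text a parser sees."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [key for key, _ in attrs if key.startswith('on')]

    def handle_data(self, data):
        self.text.append(data)


def audit(markup: str) -> TagAudit:
    """Parse rendered markup and return what it would turn into."""
    parser = TagAudit()
    parser.feed(markup)
    parser.close()
    return parser


if __name__ == '__main__':
    for render in (render_unsafe, render_safe):
        result = audit(render(REPORTED_NAME))
        print(render.__name__, result.tags, result.handlers)
```

The same audit can serve as a regression test: any template that renders a user-controlled field should produce no elements or `on*` attributes beyond the ones the template itself contains.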